You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Gerry Kaplan <gk...@kaplansoftware.com> on 2005/11/07 04:17:30 UTC
Authentication question
My application requires an additional step for authentication. First, the
user id and password must be validated as usual. I have this part working
just fine. Once the user is authenticated, an additional check needs to be
made to determine whether the user's account status is "active". If the user
is "suspended" (possibly due to a declined credit card transaction), then I
want the user to be redirected to a page which tells them to contact
customer support -- they should not be allowed to be authenticated.
What is the best way to handle this.
Here's a simple flow for what I need:
User fills in the login page.
If userid/pwd correct
if account status is "OK"
redirect to user's home page
else
invalidate the user's session
redirect to "contact us" page
end-if
Else
redirect to "incorrect pwd, try again" page.
End-if
Certainly this is a common scenario. I read through the Authentication
framework and understand the basic authentication (which is working fine),
but I don't understand what the additional configuration options give me
(there's no examples of how to use them).
Help please?
Gerry